Over the last decade, malicious attacks have become a pervasive problem for Internet users as most networked resources include vulnerable software. For instance, over the past few years, more and more vulnerabilities are being discovered in software that is loaded onto network endpoints, such as vulnerabilities within operating systems and applications installed on endpoint systems. While some software vulnerabilities continue to be addressed through software patches, network endpoints will continue to be targeted for attack in efforts to acquire sensitive information or adversely affect operations of various enterprises.
In general, efforts have been made to counter malicious attacks over web traffic. One effort has been directed to security appliances that monitor web traffic coming into an enterprise network and performs both preliminary and virtual machine (VM) based analysis of objects associated with the web traffic in order to detect the presence of exploits. Although effective in detecting malicious attacks, these types of security appliance have a few challenges.
In its current configuration, the security appliance handles VM-based analysis, which consumes a great amount of processing and memory resources. Due to memory and/or processing constraints that exist for all standalone security appliances, there will be limits on the number of virtual machines (VMs) as well as the number of permutations of software profiles (e.g., software images of operating systems and application versions) that can be supported by the security appliance. Also, as most of the memory and/or processing resources with the security appliance are directed to preliminary and VM-based analysis, it is difficult to introduce new or experimental features or enhancements without increased processing or memory, as such features or enhancements would equate to lesser processing and/or memory reserved for core preliminary or VM-based analysis.